Report - c1.getapplicationmy.info/?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file

Report Overview

Submitted URL
c1.getapplicationmy.info/?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file_name=error.txt&filesize=
IP
94.229.72.123
ASN
#42831 UK Dedicated Servers Limited
Submitted
2022-09-15 16:49:08
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.242.32.27
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	104.18.32.68
p274639.mybetterck.com	381189	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	497 B	108.168.193.189
c1.getapplicationmy.info	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	2.2 kB	199.115.116.162
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
btpnative.com	108657	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	7.2 kB	209.15.13.136
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	55 kB	34.120.237.76
mybetterck.com	21362	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	1.3 kB	108.168.193.189

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-15	medium	getapplicationmy.info	Sinkholed
2022-09-15	medium	getapplicationmy.info	Sinkholed
2022-09-15	medium	getapplicationmy.info	Sinkholed

JavaScript (2)

	URL	Size	First Seen	Last Seen
	c1.getapplicationmy.info/?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file_name=error.txt&filesize=	894 B	2023-03-07	2023-03-07
Pretty URL c1.getapplicationmy.info/?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file_name=error.txt&filesize= IP 199.115.116.162 ASN #30633 LEASEWEB-USA-WDC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:03:20 Last Seen2023-03-07 17:03:20 Times Seen1 Hash bc32816293c43a5df50aa767f1bbd1e5 d3740ed928b6e3cb7a166bec99a26de80b9e47f7 15a9ee84e93791c92efb4ea8bd8c80afb68b79053386cc4e4f5c1bee09c6bb13 Loading...

	btpnative.com/click?data=SGR6YjEtOTJIS1NIZ04xcTVha09JZzc1WVdnUzhGV05kQk1GRE1QT2hPbElYQUFGSVlOaGduaVA0LVhWaFI2bEV3ZFdMeUJETC1abnhWandZSDJWTXByU0JnRnBWWjZyOE1nbDhmY1dWUmo5eXFmT2szTDA2bWM5Vk1XS0pZYU5ueFJfcGd6NTYxckhvM2duemR1V2JJcFR3bnZvRFhwSDVzS2otX1ZybFJZMQ2&id=35861034-0793-441c-8502-e300892c5303	4.1 kB	2023-03-07	2023-04-05
Pretty URL btpnative.com/click?data=SGR6YjEtOTJIS1NIZ04xcTVha09JZzc1WVdnUzhGV05kQk1GRE1QT2hPbElYQUFGSVlOaGduaVA0LVhWaFI2bEV3ZFdMeUJETC1abnhWandZSDJWTXByU0JnRnBWWjZyOE1nbDhmY1dWUmo5eXFmT2szTDA2bWM5Vk1XS0pZYU5ueFJfcGd6NTYxckhvM2duemR1V2JJcFR3bnZvRFhwSDVzS2otX1ZybFJZMQ2&id=35861034-0793-441c-8502-e300892c5303 IP 209.15.13.136 ASN #13768 COGECO-PEER1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:24 Last Seen2023-04-05 01:56:36 Times Seen24 Hash a95ebc524317681eea9a586db022de39 4971459c3a5c26de04f1ca1edaa9c7ba225ee161 0bdbdaa3f492019a740ce5685efd434006c22801330be205bd590974e73c1b82 Loading...

HTTP Transactions (24)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 16:10:28 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tItqKvrw39J_2k5LnnQLOYF3yeQxG0XAighJXbtL2YDqlq4EsCVxlg==
Age: 2310

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6716f88f982aa553eaf5de31b2629224
97ab757b0a059027ffb04675114e5c55738fccaf
06af9ae9fc72a3aeb4be2b742128a0cb8ea4aff348afe2e4490d3639b3b377d9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06AF9AE9FC72A3AEB4BE2B742128A0CB8EA4AFF348AFE2E4490D3639B3B377D9"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2284
Expires: Thu, 15 Sep 2022 17:27:02 GMT
Date: Thu, 15 Sep 2022 16:48:58 GMT
Connection: keep-alive

c1.getapplicationmy.info/?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file_name=error.txt&filesize=

199.115.116.162

200 OK

998 B

URL HTTP/1.1
c1.getapplicationmy.info/?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file_name=error.txt&filesize=
IP
199.115.116.162:0
ASN
#30633 LEASEWEB-USA-WDC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (998), with no line terminators
Size
998 B (998 bytes)
Hash
d23447ec73e8b67ad726553093c52996
9dae06df9a94df163e841734204378e42c8135b9
130bab5a3364394cc3eb33492a799e1c2da698e1050be82dcd164b86bdecc19f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file_name=error.txt&filesize= HTTP/1.1
Host: c1.getapplicationmy.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 998
content-type: text/html; charset=utf-8
date: Thu, 15 Sep 2022 16:48:57 GMT
server: nginx
set-cookie: sid=4b130c06-3516-11ed-ae5a-2069c9e91247; path=/; domain=.getapplicationmy.info; expires=Tue, 03 Oct 2090 20:03:05 GMT; max-age=2147483647; HttpOnly

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7fRIopiNIne3qx3J8sa1U3rivXoO209pF4plW3CBpElhAZdHumMH9w==
age: 44023
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 16:48:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

c1.getapplicationmy.info/favicon.ico

199.115.116.162

404 Not Found

9 B

URL HTTP/1.1
c1.getapplicationmy.info/favicon.ico
IP
199.115.116.162:0
ASN
#30633 LEASEWEB-USA-WDC

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: c1.getapplicationmy.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1.getapplicationmy.info/?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file_name=error.txt&filesize=
Cookie: sid=4b130c06-3516-11ed-ae5a-2069c9e91247

HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Thu, 15 Sep 2022 16:48:58 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 15 Sep 2022 16:03:22 GMT
Expires: Thu, 15 Sep 2022 16:03:50 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UrhDJhoh_bq6qDcO3f3n8qcOd0JuhjoVkV0q2noLm7J2IZw-bmFaLg==
Age: 2736

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d597af1ab2f21a983bf0f0d105b94209
9d5dd938777abde094c89066b539141a02106b88
a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2518
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 16:48:59 GMT
Last-Modified: Thu, 15 Sep 2022 16:07:01 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.242.32.27

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.32.27:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QrwOr1B/W6UQgPwaL1qpQA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KXxQWxVA3htnj5zDNVzxHl2kLUQ=

c1.getapplicationmy.info/?affiliate_id=0&amp=&browser_id=1&country_code=ru&download_id=6602691838774307773&external_id=0&filesize=&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&installer_id=2255057096231827091&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2MzI2NzczOCwiaWF0IjoxNjYzMjYwNTM4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2FoZDlkbGRucjZqbzJ0NzgwYWo4NGMiLCJuYmYiOjE2NjMyNjA1MzgsInRzIjoxNjYzMjYwNTM4MzUyNDk4fQ.tLQ_Ozc8rfH7Mh0fh0bSaek7v_4j-jTxm29W4TxSDs8&locale=en&page_id=0&product_download_url=fs07n5.sendspace.com%2Fdllp%2F3fe61bf7e0820f4486f0fd49f701ceda%2F523b3ae4%2F000000%2Fue30nl%2Fsunlifeevent.wmv&product_file_name=error.txt&product_name=sunlifeevent.wmv&publisher_id=34&reff=&reffer=www.sendspace.com&session_id=11841850619465840489&sid=4b130c06-3516-11ed-ae5a-2069c9e91247&source_id=0&step_id=1

199.115.116.162

302 Found

11 B

URL HTTP/1.1
c1.getapplicationmy.info/?affiliate_id=0&amp=&browser_id=1&country_code=ru&download_id=6602691838774307773&external_id=0&filesize=&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&installer_id=2255057096231827091&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2MzI2NzczOCwiaWF0IjoxNjYzMjYwNTM4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2FoZDlkbGRucjZqbzJ0NzgwYWo4NGMiLCJuYmYiOjE2NjMyNjA1MzgsInRzIjoxNjYzMjYwNTM4MzUyNDk4fQ.tLQ_Ozc8rfH7Mh0fh0bSaek7v_4j-jTxm29W4TxSDs8&locale=en&page_id=0&product_download_url=fs07n5.sendspace.com%2Fdllp%2F3fe61bf7e0820f4486f0fd49f701ceda%2F523b3ae4%2F000000%2Fue30nl%2Fsunlifeevent.wmv&product_file_name=error.txt&product_name=sunlifeevent.wmv&publisher_id=34&reff=&reffer=www.sendspace.com&session_id=11841850619465840489&sid=4b130c06-3516-11ed-ae5a-2069c9e91247&source_id=0&step_id=1
IP
199.115.116.162:0
ASN
#30633 LEASEWEB-USA-WDC

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?affiliate_id=0&amp=&browser_id=1&country_code=ru&download_id=6602691838774307773&external_id=0&filesize=&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&installer_id=2255057096231827091&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2MzI2NzczOCwiaWF0IjoxNjYzMjYwNTM4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2FoZDlkbGRucjZqbzJ0NzgwYWo4NGMiLCJuYmYiOjE2NjMyNjA1MzgsInRzIjoxNjYzMjYwNTM4MzUyNDk4fQ.tLQ_Ozc8rfH7Mh0fh0bSaek7v_4j-jTxm29W4TxSDs8&locale=en&page_id=0&product_download_url=fs07n5.sendspace.com%2Fdllp%2F3fe61bf7e0820f4486f0fd49f701ceda%2F523b3ae4%2F000000%2Fue30nl%2Fsunlifeevent.wmv&product_file_name=error.txt&product_name=sunlifeevent.wmv&publisher_id=34&reff=&reffer=www.sendspace.com&session_id=11841850619465840489&sid=4b130c06-3516-11ed-ae5a-2069c9e91247&source_id=0&step_id=1 HTTP/1.1
Host: c1.getapplicationmy.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c1.getapplicationmy.info/?step_id=1&installer_id=2255057096231827091&publisher_id=34&source_id=0&page_id=0&affiliate_id=0&country_code=ru&locale=en&browser_id=1&download_id=6602691838774307773&external_id=0&session_id=11841850619465840489&hardware_id=5269729652507506279&installer_file_name=sunlifeevent.wmv&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&amp=&product_download_url=fs07n5.sendspace.com/dllp/3fe61bf7e0820f4486f0fd49f701ceda/523b3ae4/000000/ue30nl/sunlifeevent.wmv&product_name=sunlifeevent.wmv&reff=&reffer=www.sendspace.com&product_file_name=error.txt&filesize=
Cookie: sid=4b130c06-3516-11ed-ae5a-2069c9e91247
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Thu, 15 Sep 2022 16:48:59 GMT
location: http://btpnative.com/click?data=SGR6YjEtOTJIS1NIZ04xcTVha09JZzc1WVdnUzhGV05kQk1GRE1QT2hPbElYQUFGSVlOaGduaVA0LVhWaFI2bEV3ZFdMeUJETC1abnhWandZSDJWTXByU0JnRnBWWjZyOE1nbDhmY1dWUmo5eXFmT2szTDA2bWM5Vk1XS0pZYU5ueFJfcGd6NTYxckhvM2duemR1V2JJcFR3bnZvRFhwSDVzS2otX1ZybFJZMQ2&id=35861034-0793-441c-8502-e300892c5303
server: nginx
set-cookie: sid=4b130c06-3516-11ed-ae5a-2069c9e91247; path=/; domain=.getapplicationmy.info; expires=Tue, 03 Oct 2090 20:03:07 GMT; max-age=2147483647; HttpOnly

btpnative.com/click?data=SGR6YjEtOTJIS1NIZ04xcTVha09JZzc1WVdnUzhGV05kQk1GRE1QT2hPbElYQUFGSVlOaGduaVA0LVhWaFI2bEV3ZFdMeUJETC1abnhWandZSDJWTXByU0JnRnBWWjZyOE1nbDhmY1dWUmo5eXFmT2szTDA2bWM5Vk1XS0pZYU5ueFJfcGd6NTYxckhvM2duemR1V2JJcFR3bnZvRFhwSDVzS2otX1ZybFJZMQ2&id=35861034-0793-441c-8502-e300892c5303

209.15.13.136

200 OK

2.1 kB

URL HTTP/1.1
btpnative.com/click?data=SGR6YjEtOTJIS1NIZ04xcTVha09JZzc1WVdnUzhGV05kQk1GRE1QT2hPbElYQUFGSVlOaGduaVA0LVhWaFI2bEV3ZFdMeUJETC1abnhWandZSDJWTXByU0JnRnBWWjZyOE1nbDhmY1dWUmo5eXFmT2szTDA2bWM5Vk1XS0pZYU5ueFJfcGd6NTYxckhvM2duemR1V2JJcFR3bnZvRFhwSDVzS2otX1ZybFJZMQ2&id=35861034-0793-441c-8502-e300892c5303
IP
209.15.13.136:0
ASN
#13768 COGECO-PEER1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Size
2.1 kB (2143 bytes)
Hash
8c1feff51fa05ac1acd6bccb405465e0
654bc4cf3a6581cfd758d6d9a0d772c55ec37ee7
fb4f51a2e5d98173ef1bef31bbeab4766277f88a6a73b9fdd09546340d3a1065

HTTP Headers

GET /click?data=SGR6YjEtOTJIS1NIZ04xcTVha09JZzc1WVdnUzhGV05kQk1GRE1QT2hPbElYQUFGSVlOaGduaVA0LVhWaFI2bEV3ZFdMeUJETC1abnhWandZSDJWTXByU0JnRnBWWjZyOE1nbDhmY1dWUmo5eXFmT2szTDA2bWM5Vk1XS0pZYU5ueFJfcGd6NTYxckhvM2duemR1V2JJcFR3bnZvRFhwSDVzS2otX1ZybFJZMQ2&id=35861034-0793-441c-8502-e300892c5303 HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c1.getapplicationmy.info/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: ublMTEaPDCFILqO=ublMTEaPDCFILqO; path=/
X-Server: web01
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Thu, 15 Sep 2022 16:48:59 GMT
Content-Length: 2143

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15053
Expires: Thu, 15 Sep 2022 20:59:53 GMT
Date: Thu, 15 Sep 2022 16:49:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15053
Expires: Thu, 15 Sep 2022 20:59:53 GMT
Date: Thu, 15 Sep 2022 16:49:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15053
Expires: Thu, 15 Sep 2022 20:59:53 GMT
Date: Thu, 15 Sep 2022 16:49:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e9a2626-acb3-4c73-9ff9-e09ad82d489e.jpeg

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e9a2626-acb3-4c73-9ff9-e09ad82d489e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8447 bytes)
Hash
5a6939786c9343412c9af87efd3f44e0
14131148fda4e8d85b582fd20e76bcc814341bf1
8412c50f0fdc131d9c4422f2d7307fc1ee062c3580a1d754ef71cf84f9727d49

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e9a2626-acb3-4c73-9ff9-e09ad82d489e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8447
x-amzn-requestid: 6a307dbf-af18-4b40-a2c4-cda4a6e302d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLe84HUzIAMFkUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631adeb8-166dc8b954f4e5b50a0843de;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 06:35:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qQaQeJRgo5OcpjqbzgyZQCl-pYpvj6P_aoB07WGfV0YXyZqv4AQNCg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:42:17 GMT
age: 68803
etag: "14131148fda4e8d85b582fd20e76bcc814341bf1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5078 bytes)
Hash
f50c34bc30a732593e8fe465055a44ff
af100925cba1be716fd2200715d6136bd7f0c5bc
703049736ccc8815945d69634059c4cd39533417e0969107d460c36a6787c761

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5078
x-amzn-requestid: b6177371-a8ba-4541-a48d-21bd806e866e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0erUHT-IAMFWKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311ab15-157ed5b700e0aad5481f5c0f;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 07:04:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Vlo8vCUrKDtvhAGHSYKMmPk-wVNgx9OlU3ZVrpgG0tgk8ZBllAtXNQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:58 GMT
age: 73622
etag: "af100925cba1be716fd2200715d6136bd7f0c5bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9400 bytes)
Hash
4833535b1650b0ac875704023b650e66
96ab8cd8e14350f730d26731f3445710324e24e2
d2b5a51e39a4890ba56e819d4d5d1d57d4d3cfc50dde42efdf23b8e9be17d1c7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9400
x-amzn-requestid: 8cf35176-18a1-427b-870c-bdae465060c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYM18E-iIAMFcmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ff4f2-427bc0ff6593e71e25b91589;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 03:11:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0nTpbTo79RT78Sin1pTWaq4pRKWZyqnBkZCT2p66wWoW-A1OScJmIg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:09 GMT
age: 73671
etag: "96ab8cd8e14350f730d26731f3445710324e24e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9071 bytes)
Hash
1633672fad0b564108cf81ad711dc881
d37ad0f40bc1f3f0022467dd0af2478980bd858a
cc7176a297f6009f07074fb9af796132b4452833be675bf378cc950fe81a582a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9071
x-amzn-requestid: b450f7cf-6cc7-4d1f-aef3-4496f0971727
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeIxuEq6oAMF9jQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632254d7-6912ef8731d81fa43b805e5b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:25:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6LDUuDX1W8-Q88pDJma0xCAd5QuJ0YV-VpJ_8LVyDHX9YN1k0fQZ8Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:25:28 GMT
etag: "d37ad0f40bc1f3f0022467dd0af2478980bd858a"
content-type: image/jpeg
age: 66212
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6770 bytes)
Hash
2e5f57ba37fac4e6047a9a321a8ec084
f6b742549ea35a4b1345cffb937a8bbcceee08ef
f8c67c54806e47089b9ba297599e3e4cde1fd2e2e38b76acc9e8de0e99d7b77e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6770
x-amzn-requestid: b7c9513c-b8ba-41c7-9f9a-0a9d2266172d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FlpEVRIAMFygA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144fbd-7a4408363cdc46c9355a9f47;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fqj5PljprRruE1jwYAVwKoHkjys-RakUjzuV67_Ued6T4et99JPxPg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:42:04 GMT
age: 68816
etag: "f6b742549ea35a4b1345cffb937a8bbcceee08ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9922 bytes)
Hash
3ef9865421a37eae9a4df04083d27485
c7cf1f6a259cece60a34261ec83ee00736e1d72b
723b65ba660f22281f85d6caceea23e9cd932ee9084dc905a08a585746c4c4cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9922
x-amzn-requestid: de1e3e45-74ff-41b2-986f-e78473cb6d98
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YVc1SGM7IAMFw0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631edb54-2099524d6f2c338b41eea101;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 07:10:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: g4LYoK2-sx5QTvWPxwsh8yhHjOswmtzMB6d4N9YAvQOvspuvSFbJOA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:17:07 GMT
age: 66713
etag: "c7cf1f6a259cece60a34261ec83ee00736e1d72b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

btpnative.com/Redirect/

209.15.13.136

302 Found

2.2 kB

URL HTTP/1.1
btpnative.com/Redirect/
IP
209.15.13.136:0
ASN
#13768 COGECO-PEER1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (2142), with CRLF line terminators
Size
2.2 kB (2214 bytes)
Hash
027a56aee700ae41f339e5a0f7b959c8
de5fbe4e16fdc563dc88102a62d9a7d0e4957e35
e0c3e077cece6e540c996ff45ad0c70376414770618118a35caea201ba8eab63

HTTP Headers

POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 358
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=SGR6YjEtOTJIS1NIZ04xcTVha09JZzc1WVdnUzhGV05kQk1GRE1QT2hPbElYQUFGSVlOaGduaVA0LVhWaFI2bEV3ZFdMeUJETC1abnhWandZSDJWTXByU0JnRnBWWjZyOE1nbDhmY1dWUmo5eXFmT2szTDA2bWM5Vk1XS0pZYU5ueFJfcGd6NTYxckhvM2duemR1V2JJcFR3bnZvRFhwSDVzS2otX1ZybFJZMQ2&id=35861034-0793-441c-8502-e300892c5303
Cookie: ublMTEaPDCFILqO=ublMTEaPDCFILqO
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYF4NN-Fy2QN7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cO6UVpicQJlr61p0KGfGCCViRm2j4W8HnUW7B4pN7h9LzhSBMVsAVhP01H2yiS__esX152jrNZsPq3yGQPJxXcAu20esPp5mUmpSy35LDJ9EksHx8KKTxmZ7bCArU45ARqa6IT5YEGN6fK4ZQo-5RTa3IFU6_GWiOtjktFENBpsTBH8Ix7rv-o-hDwc3eliZ8w1c3_gviCtZyfuFl8aWibAMb7bre4z1nJYKMoDe0-GihTydKDN4tS4ljojxUfWyRe1cwYSO3hW0yR2F4Vfl9f89RdEwtQbmdnP_TT0ylJ3B3KbnJV5YwbPe_7svZdyhh1x3SQjATls6gG9CN6V73qwgw7H8zDtnK_4sCkGuu8-sn-IY95q6fgj_sU0RTy1ugMxp8Sk_tVGrfm0DMSDMYOf-Oc5Fyxnoclitee75HXECZw3VvtboKymcDGM__BSluxGZ3mdrCIXjkxiXPlO6PPE3xAH69dzCAQd1QdVsBTXltxEzKAYRghaK2jOPC_VPHkngNwUNnOgL2hXmCL90sB3Lu3zt1pjrNjsj6wbFkBw-bemSeUmbYWsOs71ZY1wj3Jk9SrrjUEQckOSRCh1Dg951cQqOcJZ29B7nd9X2aCKlBcEd0vWLWPcniTvq7FnLKlu5PnFcN8IVyCptB5yt7BZUVkbxdHsdTbN0FbaFQuHREK7VptwD0THcPT315QvHBFQUrhDW5NW7e0ac7-WRXkZa0xa1Tym71zXEuw6pdJZBSL1c9cFUTWuzuJS8FaOTxbZNL_sN3qJYRwxh8r78HQAD7M3w7tgN3ao1rz-2k-rxeA9qRgGvqzwTts7Pl5c5Ger73w_fEgDx3E85TnCFvszy6wgErdxrYTqXIMOGWk6Jh9GwoJII7YO3acraJPj2wOy0Y7yAkZzLXeCYLlhdQ7xlxCDP32lrwesoy_KG2FS-zBSEUFKb71x-qnXxYcXkJeDAXdPeD8k5Zh7Wk5sUOhCrUkrVnknsZwQ1LAI0XqrA__bwfFnhzrV1FR0Zg7JUj3Pbls2YdipcUZmuUX7tt1GWEs5211ITOYFlPiYIT1VSp4LqsPbK5Yj4UQNeDYaHEQdHUJdSb12nj7OC-or_UFN-biCvEX1_cz13XwyeZTGF1o-wk_BFh5zINnipd1hSNK7YOWLroL5e5wAN9fa0E-VHemtA5-njSYs2CsHl7oxvieyZzLOxGlg8yRP-l9k4uHTgGnZxstzZIGD6jRWxVibfvumnr1CklXdqdyQJueqJ85r88Jne4OBHQJpsyxV7m4MRXfqc9uZLPo2zZEFN5lY_FXAWgMdusLUVOz6tuUu0-COflArKyxRKSiEA1cvlrLvsQLmg2vrVlK5Pp8oP2etDvfwyvOBULiCG-9tNAm_5iQZyOHl1bR_ldLStVG0hIW97nm6yiHWrABMkdxsM1RM5vQiEKNsRdzCxVxDPVL3ZzkkD2Tg72D1svUGNvaqFiKGdgy2E1BkiGKV9FCfvlsRcfx0th3Q4kedNv5doOfNDV8WPY7XzEE6Du1jg2_y7T_dCa7EZrJEJRYYgkztjT90-K2L-uKionY-xOhZKvtjGQbXnfont6XiKBmxg2A8P-6hjQNe-qgCMhLnblafJRV4wTE94OsVhoW2pqwemq1iuk-95Ptt8jX58PBafMazbXX_ih0dWLFmRkjVynk8BtUekGko8eoV6LiOFwlzkCkbzr4hhb22dkpBFaeVOufzA9N3nZ8WfBUQKpBpKPHqFei6Af3OPbBrXN2DTu-xlaeORzlwdneqSDnuPKbvWNovtyuV0tK1UbSEhb3uebrKIdauoGh-xEWeqfaGouEuwLVY_TN51QfSABfbNJ8SvslHwWnPsbtk97hvO9DWrRNXJ2_UOUVA7kenMPN_aNU7tMO7t5oestkTcX-c
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Thu, 15 Sep 2022 16:49:00 GMT
Content-Length: 2214

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
7b4383036106b9deae9d84799fbc265f
f0817b4a4f016f5727d688dc00bb9d3f36f60d26
29f17a66df109964a80119d3dc5fc73f981a563bf5ec35b57146aa7346bdc3de

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 16:49:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 07:06:36 GMT
Expires: Tue, 20 Sep 2022 07:06:35 GMT
Etag: "f0817b4a4f016f5727d688dc00bb9d3f36f60d26"
Cache-Control: max-age=396453,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b2da6d09c7b503-OSL

mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYF4NN-Fy2QN7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cO6UVpicQJlr61p0KGfGCCViRm2j4W8HnUW7B4pN7h9LzhSBMVsAVhP01H2yiS__esX152jrNZsPq3yGQPJxXcAu20esPp5mUmpSy35LDJ9EksHx8KKTxmZ7bCArU45ARqa6IT5YEGN6fK4ZQo-5RTa3IFU6_GWiOtjktFENBpsTBH8Ix7rv-o-hDwc3eliZ8w1c3_gviCtZyfuFl8aWibAMb7bre4z1nJYKMoDe0-GihTydKDN4tS4ljojxUfWyRe1cwYSO3hW0yR2F4Vfl9f89RdEwtQbmdnP_TT0ylJ3B3KbnJV5YwbPe_7svZdyhh1x3SQjATls6gG9CN6V73qwgw7H8zDtnK_4sCkGuu8-sn-IY95q6fgj_sU0RTy1ugMxp8Sk_tVGrfm0DMSDMYOf-Oc5Fyxnoclitee75HXECZw3VvtboKymcDGM__BSluxGZ3mdrCIXjkxiXPlO6PPE3xAH69dzCAQd1QdVsBTXltxEzKAYRghaK2jOPC_VPHkngNwUNnOgL2hXmCL90sB3Lu3zt1pjrNjsj6wbFkBw-bemSeUmbYWsOs71ZY1wj3Jk9SrrjUEQckOSRCh1Dg951cQqOcJZ29B7nd9X2aCKlBcEd0vWLWPcniTvq7FnLKlu5PnFcN8IVyCptB5yt7BZUVkbxdHsdTbN0FbaFQuHREK7VptwD0THcPT315QvHBFQUrhDW5NW7e0ac7-WRXkZa0xa1Tym71zXEuw6pdJZBSL1c9cFUTWuzuJS8FaOTxbZNL_sN3qJYRwxh8r78HQAD7M3w7tgN3ao1rz-2k-rxeA9qRgGvqzwTts7Pl5c5Ger73w_fEgDx3E85TnCFvszy6wgErdxrYTqXIMOGWk6Jh9GwoJII7YO3acraJPj2wOy0Y7yAkZzLXeCYLlhdQ7xlxCDP32lrwesoy_KG2FS-zBSEUFKb71x-qnXxYcXkJeDAXdPeD8k5Zh7Wk5sUOhCrUkrVnknsZwQ1LAI0XqrA__bwfFnhzrV1FR0Zg7JUj3Pbls2YdipcUZmuUX7tt1GWEs5211ITOYFlPiYIT1VSp4LqsPbK5Yj4UQNeDYaHEQdHUJdSb12nj7OC-or_UFN-biCvEX1_cz13XwyeZTGF1o-wk_BFh5zINnipd1hSNK7YOWLroL5e5wAN9fa0E-VHemtA5-njSYs2CsHl7oxvieyZzLOxGlg8yRP-l9k4uHTgGnZxstzZIGD6jRWxVibfvumnr1CklXdqdyQJueqJ85r88Jne4OBHQJpsyxV7m4MRXfqc9uZLPo2zZEFN5lY_FXAWgMdusLUVOz6tuUu0-COflArKyxRKSiEA1cvlrLvsQLmg2vrVlK5Pp8oP2etDvfwyvOBULiCG-9tNAm_5iQZyOHl1bR_ldLStVG0hIW97nm6yiHWrABMkdxsM1RM5vQiEKNsRdzCxVxDPVL3ZzkkD2Tg72D1svUGNvaqFiKGdgy2E1BkiGKV9FCfvlsRcfx0th3Q4kedNv5doOfNDV8WPY7XzEE6Du1jg2_y7T_dCa7EZrJEJRYYgkztjT90-K2L-uKionY-xOhZKvtjGQbXnfont6XiKBmxg2A8P-6hjQNe-qgCMhLnblafJRV4wTE94OsVhoW2pqwemq1iuk-95Ptt8jX58PBafMazbXX_ih0dWLFmRkjVynk8BtUekGko8eoV6LiOFwlzkCkbzr4hhb22dkpBFaeVOufzA9N3nZ8WfBUQKpBpKPHqFei6Af3OPbBrXN2DTu-xlaeORzlwdneqSDnuPKbvWNovtyuV0tK1UbSEhb3uebrKIdauoGh-xEWeqfaGouEuwLVY_TN51QfSABfbNJ8SvslHwWnPsbtk97hvO9DWrRNXJ2_UOUVA7kenMPN_aNU7tMO7t5oestkTcX-c

108.168.193.189

302 Found

0 B

URL HTTP/2
mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYF4NN-Fy2QN7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cO6UVpicQJlr61p0KGfGCCViRm2j4W8HnUW7B4pN7h9LzhSBMVsAVhP01H2yiS__esX152jrNZsPq3yGQPJxXcAu20esPp5mUmpSy35LDJ9EksHx8KKTxmZ7bCArU45ARqa6IT5YEGN6fK4ZQo-5RTa3IFU6_GWiOtjktFENBpsTBH8Ix7rv-o-hDwc3eliZ8w1c3_gviCtZyfuFl8aWibAMb7bre4z1nJYKMoDe0-GihTydKDN4tS4ljojxUfWyRe1cwYSO3hW0yR2F4Vfl9f89RdEwtQbmdnP_TT0ylJ3B3KbnJV5YwbPe_7svZdyhh1x3SQjATls6gG9CN6V73qwgw7H8zDtnK_4sCkGuu8-sn-IY95q6fgj_sU0RTy1ugMxp8Sk_tVGrfm0DMSDMYOf-Oc5Fyxnoclitee75HXECZw3VvtboKymcDGM__BSluxGZ3mdrCIXjkxiXPlO6PPE3xAH69dzCAQd1QdVsBTXltxEzKAYRghaK2jOPC_VPHkngNwUNnOgL2hXmCL90sB3Lu3zt1pjrNjsj6wbFkBw-bemSeUmbYWsOs71ZY1wj3Jk9SrrjUEQckOSRCh1Dg951cQqOcJZ29B7nd9X2aCKlBcEd0vWLWPcniTvq7FnLKlu5PnFcN8IVyCptB5yt7BZUVkbxdHsdTbN0FbaFQuHREK7VptwD0THcPT315QvHBFQUrhDW5NW7e0ac7-WRXkZa0xa1Tym71zXEuw6pdJZBSL1c9cFUTWuzuJS8FaOTxbZNL_sN3qJYRwxh8r78HQAD7M3w7tgN3ao1rz-2k-rxeA9qRgGvqzwTts7Pl5c5Ger73w_fEgDx3E85TnCFvszy6wgErdxrYTqXIMOGWk6Jh9GwoJII7YO3acraJPj2wOy0Y7yAkZzLXeCYLlhdQ7xlxCDP32lrwesoy_KG2FS-zBSEUFKb71x-qnXxYcXkJeDAXdPeD8k5Zh7Wk5sUOhCrUkrVnknsZwQ1LAI0XqrA__bwfFnhzrV1FR0Zg7JUj3Pbls2YdipcUZmuUX7tt1GWEs5211ITOYFlPiYIT1VSp4LqsPbK5Yj4UQNeDYaHEQdHUJdSb12nj7OC-or_UFN-biCvEX1_cz13XwyeZTGF1o-wk_BFh5zINnipd1hSNK7YOWLroL5e5wAN9fa0E-VHemtA5-njSYs2CsHl7oxvieyZzLOxGlg8yRP-l9k4uHTgGnZxstzZIGD6jRWxVibfvumnr1CklXdqdyQJueqJ85r88Jne4OBHQJpsyxV7m4MRXfqc9uZLPo2zZEFN5lY_FXAWgMdusLUVOz6tuUu0-COflArKyxRKSiEA1cvlrLvsQLmg2vrVlK5Pp8oP2etDvfwyvOBULiCG-9tNAm_5iQZyOHl1bR_ldLStVG0hIW97nm6yiHWrABMkdxsM1RM5vQiEKNsRdzCxVxDPVL3ZzkkD2Tg72D1svUGNvaqFiKGdgy2E1BkiGKV9FCfvlsRcfx0th3Q4kedNv5doOfNDV8WPY7XzEE6Du1jg2_y7T_dCa7EZrJEJRYYgkztjT90-K2L-uKionY-xOhZKvtjGQbXnfont6XiKBmxg2A8P-6hjQNe-qgCMhLnblafJRV4wTE94OsVhoW2pqwemq1iuk-95Ptt8jX58PBafMazbXX_ih0dWLFmRkjVynk8BtUekGko8eoV6LiOFwlzkCkbzr4hhb22dkpBFaeVOufzA9N3nZ8WfBUQKpBpKPHqFei6Af3OPbBrXN2DTu-xlaeORzlwdneqSDnuPKbvWNovtyuV0tK1UbSEhb3uebrKIdauoGh-xEWeqfaGouEuwLVY_TN51QfSABfbNJ8SvslHwWnPsbtk97hvO9DWrRNXJ2_UOUVA7kenMPN_aNU7tMO7t5oestkTcX-c
IP
108.168.193.189:0
ASN
#36351 SOFTLAYER

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYF4NN-Fy2QN7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cO6UVpicQJlr61p0KGfGCCViRm2j4W8HnUW7B4pN7h9LzhSBMVsAVhP01H2yiS__esX152jrNZsPq3yGQPJxXcAu20esPp5mUmpSy35LDJ9EksHx8KKTxmZ7bCArU45ARqa6IT5YEGN6fK4ZQo-5RTa3IFU6_GWiOtjktFENBpsTBH8Ix7rv-o-hDwc3eliZ8w1c3_gviCtZyfuFl8aWibAMb7bre4z1nJYKMoDe0-GihTydKDN4tS4ljojxUfWyRe1cwYSO3hW0yR2F4Vfl9f89RdEwtQbmdnP_TT0ylJ3B3KbnJV5YwbPe_7svZdyhh1x3SQjATls6gG9CN6V73qwgw7H8zDtnK_4sCkGuu8-sn-IY95q6fgj_sU0RTy1ugMxp8Sk_tVGrfm0DMSDMYOf-Oc5Fyxnoclitee75HXECZw3VvtboKymcDGM__BSluxGZ3mdrCIXjkxiXPlO6PPE3xAH69dzCAQd1QdVsBTXltxEzKAYRghaK2jOPC_VPHkngNwUNnOgL2hXmCL90sB3Lu3zt1pjrNjsj6wbFkBw-bemSeUmbYWsOs71ZY1wj3Jk9SrrjUEQckOSRCh1Dg951cQqOcJZ29B7nd9X2aCKlBcEd0vWLWPcniTvq7FnLKlu5PnFcN8IVyCptB5yt7BZUVkbxdHsdTbN0FbaFQuHREK7VptwD0THcPT315QvHBFQUrhDW5NW7e0ac7-WRXkZa0xa1Tym71zXEuw6pdJZBSL1c9cFUTWuzuJS8FaOTxbZNL_sN3qJYRwxh8r78HQAD7M3w7tgN3ao1rz-2k-rxeA9qRgGvqzwTts7Pl5c5Ger73w_fEgDx3E85TnCFvszy6wgErdxrYTqXIMOGWk6Jh9GwoJII7YO3acraJPj2wOy0Y7yAkZzLXeCYLlhdQ7xlxCDP32lrwesoy_KG2FS-zBSEUFKb71x-qnXxYcXkJeDAXdPeD8k5Zh7Wk5sUOhCrUkrVnknsZwQ1LAI0XqrA__bwfFnhzrV1FR0Zg7JUj3Pbls2YdipcUZmuUX7tt1GWEs5211ITOYFlPiYIT1VSp4LqsPbK5Yj4UQNeDYaHEQdHUJdSb12nj7OC-or_UFN-biCvEX1_cz13XwyeZTGF1o-wk_BFh5zINnipd1hSNK7YOWLroL5e5wAN9fa0E-VHemtA5-njSYs2CsHl7oxvieyZzLOxGlg8yRP-l9k4uHTgGnZxstzZIGD6jRWxVibfvumnr1CklXdqdyQJueqJ85r88Jne4OBHQJpsyxV7m4MRXfqc9uZLPo2zZEFN5lY_FXAWgMdusLUVOz6tuUu0-COflArKyxRKSiEA1cvlrLvsQLmg2vrVlK5Pp8oP2etDvfwyvOBULiCG-9tNAm_5iQZyOHl1bR_ldLStVG0hIW97nm6yiHWrABMkdxsM1RM5vQiEKNsRdzCxVxDPVL3ZzkkD2Tg72D1svUGNvaqFiKGdgy2E1BkiGKV9FCfvlsRcfx0th3Q4kedNv5doOfNDV8WPY7XzEE6Du1jg2_y7T_dCa7EZrJEJRYYgkztjT90-K2L-uKionY-xOhZKvtjGQbXnfont6XiKBmxg2A8P-6hjQNe-qgCMhLnblafJRV4wTE94OsVhoW2pqwemq1iuk-95Ptt8jX58PBafMazbXX_ih0dWLFmRkjVynk8BtUekGko8eoV6LiOFwlzkCkbzr4hhb22dkpBFaeVOufzA9N3nZ8WfBUQKpBpKPHqFei6Af3OPbBrXN2DTu-xlaeORzlwdneqSDnuPKbvWNovtyuV0tK1UbSEhb3uebrKIdauoGh-xEWeqfaGouEuwLVY_TN51QfSABfbNJ8SvslHwWnPsbtk97hvO9DWrRNXJ2_UOUVA7kenMPN_aNU7tMO7t5oestkTcX-c HTTP/1.1
Host: mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Thu, 15 Sep 2022 16:49:01 GMT
content-length: 0
set-cookie: rhid=82024959486; Max-Age=15552000; Expires=Tue, 14-Mar-2023 16:49:01 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://p274639.mybetterck.com/adServe/domainClick?ai=kWFaCUptNn58R8TNhxcnkoiXD7klJ1soTN51QfSABfYD6oPh4t22c9B9_vdKnsZCUhrhXB7h4Q0Uuwo5IbgEBdUi6xSvMdRUq3nDjZUkzHvLJyjqHra8mGW6CHfeBodVgvgI1g_o4dK0Bqs_9EYIR_VYuzZSYLtak8a2TCfMlWrIMMlTWYfZjlToK4-_1ACOP0s6MBsFTTAOGVIq7SQHt2xDKr8Rw5O7dO4wvtGnrzTddVqW4b_Ykxw_vxfmXwaLNORDvO_u8SbIzzh0hp6ogO7JzK4vQzmiPaDGm4CwDwXfw_JoL1ALTR_29IAMKrswtsrhcGeRW6RqgEE0f5FjhxhGK23FSY41qKcxs6Dh5ORlqf_64l0Z6hpyy_YN0YQtpLSZmparWHWvrphb_I88ZSIO3PHyowRR_6p576eQm9fr2iPLc49PERgUkMD_VLeROfuqs0moSwPq7QXN-ylcxrw3TeQXSnFC-IokKZjFQZ7rqNKnLYX0tfkdODoysj_AwXSyWlq8FoNbaMHjMW5FMVZ1q7sg30V1X0j3MVUJ4vmn3Zyn6-Rw-YR_ep3g43JQoLurTSybV3_zVVlMvpZOzxY7hA_5WLvNF7vPMElssBC8QYVDSNYmQ3hu-U9ACuKtcekCIShJdvtuB6OXN_rsgcmEGqekUBiPLxdLCBTbS2E-vcPMz4vkC64iBhPFiFfoyJTuzQtneEKj1HVaOgt_lw&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSkHbcb-1BDENpkRqGy0rnGUP_Zkb4NjIgvaEJKjM1gz9RQujKO83wTgJL3ZoClQAJ3-bX-WJHZ_FuJx-ZtYdADQ&si=1&oref=22a3b7b148bba753762bd6aaf4a8a708&optunit=r66YW_yPPGUiDtzx8qMEUc7n_r2HV6hZ&rb=2Vb288azLYM&rr=0&abtg=0
X-Firefox-Spdy: h2

p274639.mybetterck.com/adServe/domainClick?ai=kWFaCUptNn58R8TNhxcnkoiXD7klJ1soTN51QfSABfYD6oPh4t22c9B9_vdKnsZCUhrhXB7h4Q0Uuwo5IbgEBdUi6xSvMdRUq3nDjZUkzHvLJyjqHra8mGW6CHfeBodVgvgI1g_o4dK0Bqs_9EYIR_VYuzZSYLtak8a2TCfMlWrIMMlTWYfZjlToK4-_1ACOP0s6MBsFTTAOGVIq7SQHt2xDKr8Rw5O7dO4wvtGnrzTddVqW4b_Ykxw_vxfmXwaLNORDvO_u8SbIzzh0hp6ogO7JzK4vQzmiPaDGm4CwDwXfw_JoL1ALTR_29IAMKrswtsrhcGeRW6RqgEE0f5FjhxhGK23FSY41qKcxs6Dh5ORlqf_64l0Z6hpyy_YN0YQtpLSZmparWHWvrphb_I88ZSIO3PHyowRR_6p576eQm9fr2iPLc49PERgUkMD_VLeROfuqs0moSwPq7QXN-ylcxrw3TeQXSnFC-IokKZjFQZ7rqNKnLYX0tfkdODoysj_AwXSyWlq8FoNbaMHjMW5FMVZ1q7sg30V1X0j3MVUJ4vmn3Zyn6-Rw-YR_ep3g43JQoLurTSybV3_zVVlMvpZOzxY7hA_5WLvNF7vPMElssBC8QYVDSNYmQ3hu-U9ACuKtcekCIShJdvtuB6OXN_rsgcmEGqekUBiPLxdLCBTbS2E-vcPMz4vkC64iBhPFiFfoyJTuzQtneEKj1HVaOgt_lw&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSkHbcb-1BDENpkRqGy0rnGUP_Zkb4NjIgvaEJKjM1gz9RQujKO83wTgJL3ZoClQAJ3-bX-WJHZ_FuJx-ZtYdADQ&si=1&oref=22a3b7b148bba753762bd6aaf4a8a708&optunit=r66YW_yPPGUiDtzx8qMEUc7n_r2HV6hZ&rb=2Vb288azLYM&rr=0&abtg=0

108.168.193.189

302 Found

0 B

URL HTTP/2
p274639.mybetterck.com/adServe/domainClick?ai=kWFaCUptNn58R8TNhxcnkoiXD7klJ1soTN51QfSABfYD6oPh4t22c9B9_vdKnsZCUhrhXB7h4Q0Uuwo5IbgEBdUi6xSvMdRUq3nDjZUkzHvLJyjqHra8mGW6CHfeBodVgvgI1g_o4dK0Bqs_9EYIR_VYuzZSYLtak8a2TCfMlWrIMMlTWYfZjlToK4-_1ACOP0s6MBsFTTAOGVIq7SQHt2xDKr8Rw5O7dO4wvtGnrzTddVqW4b_Ykxw_vxfmXwaLNORDvO_u8SbIzzh0hp6ogO7JzK4vQzmiPaDGm4CwDwXfw_JoL1ALTR_29IAMKrswtsrhcGeRW6RqgEE0f5FjhxhGK23FSY41qKcxs6Dh5ORlqf_64l0Z6hpyy_YN0YQtpLSZmparWHWvrphb_I88ZSIO3PHyowRR_6p576eQm9fr2iPLc49PERgUkMD_VLeROfuqs0moSwPq7QXN-ylcxrw3TeQXSnFC-IokKZjFQZ7rqNKnLYX0tfkdODoysj_AwXSyWlq8FoNbaMHjMW5FMVZ1q7sg30V1X0j3MVUJ4vmn3Zyn6-Rw-YR_ep3g43JQoLurTSybV3_zVVlMvpZOzxY7hA_5WLvNF7vPMElssBC8QYVDSNYmQ3hu-U9ACuKtcekCIShJdvtuB6OXN_rsgcmEGqekUBiPLxdLCBTbS2E-vcPMz4vkC64iBhPFiFfoyJTuzQtneEKj1HVaOgt_lw&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSkHbcb-1BDENpkRqGy0rnGUP_Zkb4NjIgvaEJKjM1gz9RQujKO83wTgJL3ZoClQAJ3-bX-WJHZ_FuJx-ZtYdADQ&si=1&oref=22a3b7b148bba753762bd6aaf4a8a708&optunit=r66YW_yPPGUiDtzx8qMEUc7n_r2HV6hZ&rb=2Vb288azLYM&rr=0&abtg=0
IP
108.168.193.189:0
ASN
#36351 SOFTLAYER

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /adServe/domainClick?ai=kWFaCUptNn58R8TNhxcnkoiXD7klJ1soTN51QfSABfYD6oPh4t22c9B9_vdKnsZCUhrhXB7h4Q0Uuwo5IbgEBdUi6xSvMdRUq3nDjZUkzHvLJyjqHra8mGW6CHfeBodVgvgI1g_o4dK0Bqs_9EYIR_VYuzZSYLtak8a2TCfMlWrIMMlTWYfZjlToK4-_1ACOP0s6MBsFTTAOGVIq7SQHt2xDKr8Rw5O7dO4wvtGnrzTddVqW4b_Ykxw_vxfmXwaLNORDvO_u8SbIzzh0hp6ogO7JzK4vQzmiPaDGm4CwDwXfw_JoL1ALTR_29IAMKrswtsrhcGeRW6RqgEE0f5FjhxhGK23FSY41qKcxs6Dh5ORlqf_64l0Z6hpyy_YN0YQtpLSZmparWHWvrphb_I88ZSIO3PHyowRR_6p576eQm9fr2iPLc49PERgUkMD_VLeROfuqs0moSwPq7QXN-ylcxrw3TeQXSnFC-IokKZjFQZ7rqNKnLYX0tfkdODoysj_AwXSyWlq8FoNbaMHjMW5FMVZ1q7sg30V1X0j3MVUJ4vmn3Zyn6-Rw-YR_ep3g43JQoLurTSybV3_zVVlMvpZOzxY7hA_5WLvNF7vPMElssBC8QYVDSNYmQ3hu-U9ACuKtcekCIShJdvtuB6OXN_rsgcmEGqekUBiPLxdLCBTbS2E-vcPMz4vkC64iBhPFiFfoyJTuzQtneEKj1HVaOgt_lw&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSkHbcb-1BDENpkRqGy0rnGUP_Zkb4NjIgvaEJKjM1gz9RQujKO83wTgJL3ZoClQAJ3-bX-WJHZ_FuJx-ZtYdADQ&si=1&oref=22a3b7b148bba753762bd6aaf4a8a708&optunit=r66YW_yPPGUiDtzx8qMEUc7n_r2HV6hZ&rb=2Vb288azLYM&rr=0&abtg=0 HTTP/1.1
Host: p274639.mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=82024959486
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Thu, 15 Sep 2022 16:49:01 GMT
content-length: 0
set-cookie: rhid=82024959486; Max-Age=15552000; Expires=Tue, 14-Mar-2023 16:49:01 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
loi=ad_490233_off_142374_aff_3322_cid_274639-575901862-GETAPPLICATIONMY.INFO_ts_1663260541; Max-Age=3600; Expires=Thu, 15-Sep-2022 17:49:01 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type